The present invention relates to a content delivery system and a content delivery method. More particularly, the present invention relates to a content delivery system and a content delivery method, in which a content transaction between an entity which provides a content and an entity which receives the content is performed in an improved manner so as to achieve high security. Herein, the term “system” is used to describe a logical collection of a plurality of devices, and it is not necessarily required that the plurality of devices are disposed in a single location.
It is now very popular to distribute various kind of software data such as a game program, audio data, image data, and a document generation program (hereinafter, such data will be referred to as “content” via a network such as the Internet. It is also popular to perform a commercial transaction and settlement, such as online shopping, bank account settlement, or ticket sales, via a network.
In data communication via a network for such a purpose, data is generally transmitted after confirming that a sender of data and a receiver of data are an authorized sender and receiver to achieve security. One known technique for achieving security in transmission of data is to transmit the data after encrypting the data. Another technique is to write a digital signature on the data.
The encrypted data can be converted into its original form (plaintext) by performing a predetermined decryption process upon the encrypted data. The data encryption and decryption technique in which information is encrypted using an encryption key and decrypted using a decryption key is well known in the art.
Various encryption and decryption techniques using an encryption key and a decryption key are known in the art. One such technique is public key cryptography. In the public key cryptography, a sender and a receiver use different keys, wherein one of the keys is a public key for use by an unspecified user, and the other key is a secret key which is kept secret. For example, a public key is used as a data encryption key, and a secret key is used as a decryption key. Another example is that a secret key is used as an authenticator generation key and a public key is used as an authenticator verification key.
In the pubic key cryptography, unlike the common key cryptography in which a common key is used for both encryption and decryption, a secret key which should be kept secret is held by a specific person. Thus, the public key cryptography has the advantage that the key can be easily managed. However, in the public key cryptography, the data processing speed is low compared with the common key cryptography. Because of the low data processing speed, the public key cryptography is employed mainly in applications such as a digital signature or transmission of a secret key which needs a small data size. A representative example of the public key cryptography is the RSA (Rivest-Shamir-Adelman) cryptosystem. In this technique, a product of two very large prime numbers (for example, 150-digit prime numbers) is used because it is difficult to factorize the product of two very large prime numbers (such as 150-digit prime numbers) into prime numbers.
In the public key cryptography, a large number of unspecified users are allowed to use the same public key, and the validity of a distributed public key is generally certified by a certificate called a public key certificate. For example, a user A creates a public key and a secret key and sends the created public key to a certificate authority to acquire a public key certificate from the certificate authority. The user A opens the public key certificate to the public. An unspecified user acquires the public key from the public key certificate via a predetermined procedure and transmits, to the user A, a document or the like after encrypting it using the public key. Upon reception of the document, the user A decrypts the received document using the secret key. The user A may also attach his/her signature encrypted with the secret key to a document or the like, and unspecified user may verify the signature using the public key extracted from the public key certificate via the predetermined procedure.
In the public key cryptography, a public key certificate is issued by a certificate authority (CA) or an issuer authority (IA), wherein in response to receiving an ID and a public key from an user, the certificate authority issues a certificate after adding information such as an ID of the certificate authority and a validity period and also adding a signature of the certificate authority.
The public key certificate has information about a version number of the certificate, a serial number of the certificate assigned by the issuer authority to a user of the certificate, an algorithm and a parameter used in a digital signature, a name of a certificate authority, a validity period of the certificate, a name (user ID) of the user of the certificate, a public key of the user of the certificate, and a digital signature.
The digital signature is data which is created by generating a hash value by applying a hash function to all data described above except for the digital signature, that is, the version number of the certificate, the serial number of the certificate assigned by the certificate authority to the user of the certificate, the algorithm and the parameter used in the digital signature, the name of the certificate authority, the validity period of the certificate, the name of the user of the certificate, and the public key of the user of the certificate, and then encrypting the resultant hash value using the secret key of the certificate authority.
When a user uses the public key certificate, the user verifies the digital signature of the public key certificate using the public key of the certificate authority the user has, and the user extracts the public key from the public key certificate. Therefore, all users, who want to use the public key certificate, need to have the common public key of the certificate authority.
In a data transmission system based on the public key cryptography using a public key certificate issued by a certificate authority, for example, a content-providing shop transmits a content to a user device after encrypting the content using a public key of the user device. When the user device receives the encrypted data from the content-providing shop, the user device decrypts the encrypted content using a secret key corresponding to the public key of the user device.
However, in many practical content transactions, a content is provided to a user by a content-providing shop which is neither a holder of a license of the content nor a content producer having the copyright of the content. In many cases, the content-providing shop provides the content to the user without confirming that the user is an authorized user. That is, in some cases, a content is provided or sold to an unauthorized user.
In the above-described content transaction system, although a fee for a content is paid from the user device which purchased the content to the content-providing shop which sold the content, it is not ensured that a license fee is paid to a license holder of the content or a content producer having the copyright of the content. In many current systems, a content-providing shop assesses the sales amount and declares it, and a license fee is paid from the shop to a license holder or a content producer having the copyright of a content, on the basis of the sales amount declared by the content-providing shop.
That is, in the conventional content providing system, the license holder or the content producer having the copyright of the content cannot know the actual sales amount and cannot know whether the content is distributed in an adequate fashion.
In view of the problems in the conventional content providing system, it is an object of the present invention to provide a content delivery system and a content delivery method, which allow a license holder or a content producer having the copyright of a content to get accurate information about an actual content transaction performed between a content-providing shop and an user and which allow a content to be distributed while adequately protecting the copyright of the content.